Podcasts about Siem

  • 609 podcasts
  • 1,560 episodes
  • 41m average duration
  • 5 new episodes weekly
  • Latest: Feb 25, 2026


Latest podcast episodes about Siem

Ajax Podcast
Special: Siem, Jan, Maarten and Demy on 2010/2011

Feb 25, 2026 · 40:01

Siem de Jong, Jan Vertonghen, Demy de Zeeuw and Maarten Stekelenburg reminisce about the 2010/2011 season. Siem has picked out some great footage, which they watch together. This episode was made possible in part by Heineken. Want to take part in the Cruyff Legacy 14K 2026 on Sunday 12 April? Go to 14krun.nl for all the info.

DrZeroTrust
The Hidden Architecture Secrets Making Real-Time Security Data Possible

Feb 24, 2026 · 31:11

Most organizations are drowning in data they can't process fast enough — leaving critical security gaps that adversaries exploit. Michael Cucchi, Chief Marketing Officer at Hydrolix, reveals how a groundbreaking new data architecture is transforming real-time security analytics, slashing processing costs by up to 40X while capturing every byte of telemetry across global networks.

In this episode, you'll discover why traditional Security Information and Event Management (SIEM) systems are no longer sufficient for today's threat landscape. Michael breaks down the limitations of legacy data storage, ingestion bottlenecks, and costly rehydration issues that leave security teams blind during breaches. He shares how leading companies are adopting a new security data fabric designed for hyper-scalability, instant analysis, and unprecedented data retention — all at a fraction of the cost.

We break down:
• The evolution and modern challenges of the SIEM market, including why outdated architectures struggle with today's data volumes.
• How security analytics are rapidly moving toward real-time, agentic automation driven by AI and large-scale data fabrics.
• The critical importance of low-latency querying, cost-effective storage, and flexible architectures that enable security teams to operate at machine speed.
• Why the next wave of security operations will depend on maintaining and rehydrating vast, granular data stores without breaking the bank.
• How innovative companies like Hydrolix are building the emerging data fabric that will underpin zero-trust, AI-driven security in the years ahead.

This episode is essential listening for security professionals, CTOs, and data architects eager to stay ahead of the exponential growth in security signals, threats, and complexity. Miss out on these insights, and your organization risks falling behind—armed only with legacy systems that can't keep up. A smarter, faster, cheaper future for security analytics is here.

Plus, Michael shares exclusive research coming to RSA — including advances in AI-driven bots and zero trust frameworks. Whether you're defending enterprise assets or building next-generation SOCs, this conversation is your gateway to the future of security data management.

Timestamps:
00:00 – Introduction and episode overview
02:24 – Michael's background and experience in data science and security
04:52 – How infrastructure and SIEM technologies have evolved over the past decade
08:15 – Limitations of current SIEM architectures and data retention challenges
12:10 – Hydrolix's approach to scalable, cost-effective security data platforms
15:24 – The importance of real-time analytics in security operations
17:00 – AI and automation in breach detection and incident response
19:34 – Scaling security telemetry across global networks and CDN signals
22:10 – The object-oriented storage analogy in security data management
25:05 – Crossing the chasm: from traditional SIEM to real-time data fabric
28:13 – Future of AI in security automation and the next decade in security tech
31:01 – Final insights and how to connect with Hydrolix

Resources & Links:
• https://hydrolix.io
• AWS Object Storage
• Understanding Data Fabrics in Security (hypothetical link)

Shift AI Podcast
Securing Agentic Automation in the Enterprise with UiPath CISO Scott Roberts

Feb 21, 2026 · 34:44

In this episode of the Shift AI Podcast, Scott Roberts, CISO at UiPath, joins host Boaz Ashkenazy for a deep dive into how agentic AI is reshaping enterprise security and automation—both for customers and inside UiPath itself.

Scott shares his 25-year security journey spanning Microsoft's early Security Response Center days (including the era that produced Patch Tuesday and the Security Development Lifecycle), product security work across Windows and Xbox, time at AWS, and leadership roles at Google where he helped build the Android Security Assurance and Pixel Security teams and the Android Monthly Security Update process. He also discusses his work in security standards across IPsec, HTML5 encrypted media, GSMA device security, and most recently, contributions to emerging agentic AI security standards.

The conversation then explores UiPath's evolution from traditional RPA into a unified platform that combines deterministic automation with agentic workflows. Scott walks through a real-world healthcare billing example where agentic automation increased deduplication accuracy dramatically by handling complex, variable inputs that classic RPA struggled with—while still keeping humans in the loop and feeding outcomes back into the system to improve over time.

Boaz and Scott go deep on what's changed for CISOs in the post-LLM world: the need for guardrails, identity and entitlements for AI agents, and the challenge of end users copying sensitive information into consumer AI tools. Scott explains UiPath's approach: enable adoption while using nudges and policy controls to redirect sensitive workflows into enterprise-safe environments rather than relying solely on blocks.

The episode closes with an eye-opening look at UiPath's internal “agentic threat analyst” system—an orchestration of 60+ agents that can investigate SIEM alerts end-to-end, generate structured incident writeups, and compress hours of analyst work into roughly a minute and a half. Scott's future-looking takeaway: as AI models evolve beyond “read-only” into potentially “read-write” systems that can update their foundational knowledge, the acceleration could be truly mind-blowing.

This episode is essential listening for security leaders, enterprise operators, and automation teams trying to understand how agentic systems change not just productivity, but the entire security operating model.

Chapters
[00:01] Scott's Security Journey: Microsoft, Google, Coinbase, UiPath
[01:33] Security Standards Work: From IPsec to Agentic AI Standards
[04:08] What UiPath Does: Process Orchestration, RPA, and Enterprise Automation
[06:28] RPA vs Agentic Automation: A Healthcare Billing Deduplication Example
[09:17] The Agentic Stack: Canvas, Guardrails, and the AI Trust Layer
[10:31] How LLMs Change Security: Data Controls, Access, and Governance
[12:14] Internal Adoption at UiPath: AI Tooling by Persona (Legal, Finance, Engineering)
[13:13] Code Velocity and Security: Agents Generating Code, Agents Verifying It
[15:53] Two AI Security Worlds: Orchestration Platforms vs End-User Chat Interfaces
[17:11] Securing End Users: Enterprise LLMs, Nudges, and Browser-Based Controls
[19:07] Sovereign AI and Data Boundaries: Keeping Data in the Right Region
[21:00] Over-Permissioning Meets Agents: Why AI Makes Old Problems Obvious Fast
[22:21] The Next Wave: AI Transforming the Entire SDLC End-to-End
[24:53] Security Pitfalls in Agentic SDLC: Misaligned Incentives and Permissions
[26:02] UiPath's Agentic Threat Analyst: 60+ Agents, SIEM to Writeup Automation
[30:07] What Changes for Humans: Faster “Time to Truth” and Higher-Leverage Work
[32:09] Two-Word Future: “Mind Blowing” and Read/Write Models

Connect with Scott Roberts
LinkedIn: https://www.linkedin.com/in/scottroberts6/

Connect with Boaz Ashkenazy
LinkedIn: https://www.linkedin.com/in/boazashkenazy/
Email: info@shiftai.fm

Security Conversations
GitLab doxxes North Korea .gov hackers; fresh Ivanti zero-days; AI addiction and human purpose

Feb 20, 2026 · 136:39

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 86: We dig into GitLab's explosive look at North Korea's “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent. Plus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple's shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Cloud Security Podcast by Google
EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)

Feb 16, 2026 · 32:34

Guest: Daniel Lyman, VP of Threat Detection and Response, Fiserv

Topics:
• What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
• How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
• What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice?
• Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt?
• How do you expect AI to change the calculus around data centralization versus data federation?
• What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
• What are the Detection and Response organizational metrics that you think are most valuable?
• Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?

Resources:
• Video version
• "In My Time of Dying" book
• EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
• EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
• The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog

Radio Campus Angers
Migrants learning French in Angers tell us about their hopes

Feb 4, 2026 · 39:49

This month, Radio Campus Angers opens its microphones to migrants who are learning French with the Gref (Groupement des éducateurs sans frontières) in Angers. They come from Sudan, Guinea, Tibet, Afghanistan, Georgia, Armenia, Eritrea and Angola. For their first programme, they chose to talk about their hopes. On the programme:
• a street survey in which the staff of the Maison pour tous (MPT) in Monplaisir share their hopes for 2026
• the testimonies of Sagda and Mazahir on their hope of learning French, followed by interviews with Gref students
• sport, a source of hope for Siem and Marie
• an interview with Coxe, a nurse, by Mariame, whose hope is to become a nursing assistant
• Babikar and Arman talk to us about respect
• Omir speaks of his hope of being in good health
• the hopes for peace of Mohamed and Sabad, followed by a street survey recorded at the MPT
• Kamal looks back at the history of his country, Sudan
• the dreams of Manahil, Moussa, Marie, Dechen, Mustapha and Mohamed
• a rap in Arabic performed by Youssof
Thanks to Ghislaine and Michelle, volunteers at the Gref, who supported the group in preparing this programme. Thanks also to Kwal, a slam poet from Angers, who led writing workshops with the participants; the texts performed in this programme, accompanied on piano by Tony, came out of those workshops. A project funded by the Direction des affaires culturelles (Drac) des Pays de la Loire.

PolySécure Podcast
SéQCure - The Quebec government's cybersecurity initiatives (Yvan Fournier) - Because... it's episode 0x701!

Jan 28, 2026 · 34:33

Because… it's episode 0x701!

Shameless plug
• 25 and 26 February 2026 - SéQCure 2026 CfP
• 31 March to 2 April 2026 - Forum INCYBER - Europe 2026
• 14 to 17 April 2026 - Botconf 2026
• 28 and 29 April 2026 - Cybereco Cyberconférence 2026
• 9 to 17 May 2026 - NorthSec 2026
• 3 to 5 June 2026 - SSTIC 2026
• 19 September 2026 - Bsides Montréal

Description

The Quebec government's cybersecurity initiatives

In this episode of the podcast, I welcome Yvan Fournier, chief government information security officer of the Quebec government, who holds the position of assistant deputy minister. This conversation reveals the scale of the cybersecurity transformations under way within the Quebec government apparatus.

An impressive technical background

Yvan Fournier has a remarkable 29-year career in the health network, where he held practically every possible position, from technician to director general of cybersecurity. His technical expertise is considerable: he holds 22 cybersecurity certifications, was the first French-speaking Novell instructor, and has even taken part in hacking competitions in the United States. This solid technical experience now allows him to bring a pragmatic and informed vision to his strategic role.

The 15 mandatory measures: a solid foundation

In 2019, in collaboration with champions from across the government network, Yvan Fournier's team established 15 mandatory cybersecurity measures, inspired by the NIST framework. These measures include fundamentals such as multi-factor authentication, applying security patches, and using operating systems still supported by their vendors. They form the base on which the government's cybersecurity strategy now rests, aiming to protect citizens' data and ensure the continuity of public services.

Centralized 24/7/365 monitoring

One of the current flagship projects is setting up a centralized monitoring service that operates 24 hours a day, 7 days a week, 365 days a year, based on artificial intelligence. Historically, each public body had to handle its own monitoring, which created significant disparities depending on available resources. Small bodies could not afford to have staff permanently on call. The new system centralizes data from multiple sources: EDR (advanced antivirus), external and internal vulnerability scans, PDNS (to monitor employees working remotely), and Active Directory checks. All of this information converges on local, AI-based SIEM and SOAR systems, giving a complete overview of the government's security posture. The government also works with private firms to provide this continuous monitoring. Interestingly, the cost of this service is about half of what some private organizations pay, while offering a higher level of service.

The RHI consolidation: an organizational revolution

A major change that has not received the media attention it deserves is the RHI consolidation, which brings the cybersecurity of 52 public bodies (ministries and agencies) directly into the MCN (Ministère de la Cybersécurité et du Numérique). This centralization, which takes effect on 1 April, will make it possible to harmonize technological and strategic choices across the whole government apparatus. As Fournier points out, a body being small is no reason for it to have less robust security, because all systems are interconnected and a vulnerability in a small body can compromise the whole.

Automation and responsiveness

One of the major issues identified by Fournier is the speed at which attacks now occur. With the arrival of artificial intelligence, the number of attacks has increased drastically, and the time between the discovery of a zero-day vulnerability and its exploitation has gone from several days or weeks to about four hours. This reality demands automated responses. The new system will make it possible not only to detect threats in real time but also to automate the reactions: automatically blocking compromised servers, centrally deploying indicators of compromise (IOCs) to all government firewalls, and even preventively shutting down at-risk services. The SharePoint vulnerability example illustrates this capability well: Quebec acted quickly by shutting down the vulnerable systems, while another province suffered the compromise of 900 SharePoint servers.

International recognition and CVE creation

A remarkable achievement is that Quebec (and not Canada) is now one of the 20 organizations worldwide authorized to create CVEs (Common Vulnerabilities and Exposures), alongside Luxembourg. This recognition attests to the excellence of Quebec's pentesting teams, which regularly discover vulnerabilities, sometimes with the help of AI-based virtual pentesters.

Vulnerability scanning: external and internal

External vulnerability scanning, rolled out at scale during the lockdown, already provides full visibility of the attack surface exposed to the Internet. Internal scanning, currently being deployed, will add a crucial extra dimension. Beyond identifying vulnerabilities, these tools will make it possible to build an automated, centralized inventory of all equipment, software, and even the firmware of storage controllers and BIOSes. This inventory will greatly facilitate risk management: when a new vulnerability is announced, it will be possible to target the affected bodies immediately rather than alerting everyone. Moreover, the inventory will give a clear view of technical debt and allow investments to be prioritized according to real risk.

The challenge of connected devices

Fournier identifies connected devices (IoT) as a major challenge for the future. These devices, increasingly present in the government environment (health, transport, construction), pose particular security problems. Most of their firmware is produced by five large Chinese companies, and the devices can contain unsuspected features, such as facial recognition in a 40-dollar drone. The example of the aquarium thermometer that served as an entry point to paralyze a casino for 24 hours illustrates the associated risks. For Fournier, having a complete inventory of connected devices across the government apparatus is the “Holy Grail” of cybersecurity.

Bill 82 and critical infrastructure

Bill 82 gives the Quebec government, for the first time, responsibility for the security of civil society's critical infrastructure. This includes water, electricity and other essential services. The government is already starting to work with certain municipalities that are showing keen interest in this collaboration, which is particularly important given the vulnerability of water management systems.

Conclusion

The initiatives presented by Yvan Fournier show that the Quebec government takes cybersecurity seriously and is investing heavily in protecting its systems and its citizens' data. The centralization of resources, the automation of responses, continuous monitoring and the adoption of AI-based technologies position Quebec as a leader in government cybersecurity. These efforts, combined with openness to open source, chart the path to a safer digital future for all Quebecers.

Contributors
Nicolas-Loïc Fortin
Yvan Fournier

Credits
Editing by Intrasecure inc
Virtual studio by Riverside.fm

Detection at Scale
Compass' Ryan Glynn on Why LLMs Shouldn't Make Security Decisions — But Should Power Them

Jan 27, 2026 · 41:27

Ryan Glynn, Staff Security Engineer at Compass, has a practical AI implementation strategy for security operations. His team built machine learning models that removed 95% of on-call burden from phishing triage by combining traditional ML techniques with LLM-powered semantic understanding. He also explores where AI agents excel versus where deterministic approaches still win, why tuning detection rules beats prompt-engineering agents, and how to build company-specific models that solve your actual security problems rather than chasing vendor promises about autonomous SOCs.

Topics discussed:
• Language models excel at documentation and semantic understanding of log data for security analysis purposes
• Using LLMs to create binary feature flags for machine learning models enables more flexible detection engineering
• Agentic SOC platforms sometimes claim to analyze data they aren't actually querying accurately in practice
• Tuning detection rules directly proves more reliable than trying to prompt-engineer agent analysis behavior
• Intent classification in email workflows helps automate triage of forwarded and reported phishing attempts effectively
• Custom ML models addressing company-specific burdens can achieve 95% reduction in analyst workload for targeted problems
• Alert tagging systems with simple binary classifications enable better feedback loops for AI-assisted detection tuning
• Context gathering costs in security make efficiency critical when deploying AI agents across diverse data sources
• Query language complexity across SIEM platforms creates challenges for general-purpose LLM code generation capabilities
• Explainable machine learning models remain essential for security decisions requiring human oversight and accountability

Listen to more episodes: Apple, Spotify, YouTube, Website

Zebras & Unicorns
Inside Davos: “The media are bought, they have to bow”

Jan 23, 2026 · 24:39

It takes place in Davos, Switzerland, but is ultimately a US-dominated, uncritical sales show for politics and business. That is the impression you get when you follow, for example, the account of Austrian investor Benjamin Ruschin, who was on site at the World Economic Forum this year for his company WeAreDevelopers. This podcast covers the following topics:

Ontdek je Heilige Graal
#99 - What do you learn from authentic life experiences?

Jan 22, 2026 · 57:10

In this very personal episode of the podcast, Andries and Rianne talk about major upheavals in life and what you can learn from them. Rianne calls these kinds of upheavals authentic life experiences. Andries has spent the past 2 months travelling through the Himalayas and the jungles of Sri Lanka. What this incredibly special journey taught him, he enthusiastically shares with you in this episode. And as you have come to expect from Andries, a few beautiful lines come up again that we could frame.

Rianne has been through a very different experience. A month after signing the purchase contract for her new house on a historic estate in France, the house goes up in flames. This was to become the place where she wanted to give retreats for Ontdek je Heilige Graal. It is also the place she had been working on buying for more than 2.5 years. Now that her dream and longing have gone up in smoke, life asks something completely different of her and her beloved Siem. What? You'll hear it in the podcast.

Ontdek je Heilige Graal has something new: an online training: How do I (re)establish healthy boundaries? In this 13-part training you discover how to restore your boundaries when they have become porous or hardened, or when you don't know how to set boundaries. Want to take part in the online training? Then look in the usual place: https://ontdekjeheiligegraal.com/shop

UPDATE: THIS THREE-DAY HEALING RETREAT IS FULL. BUT YOU CAN ALREADY SIGN UP FOR THE HEALING YEAR. From 30 January to 1 February is, for now, the last chance to take part in a three-day healing retreat (Helingsdriedaagse). It is the boost for your healing path. Here you immerse yourself for three days at the beautiful De Hoorneboeg to turn yourself inside out, face trauma, let go of pain and fear, and go home full of insights and lasting transformations. Sign up now, because places are limited. https://ontdekjeheiligegraal.com/product/helingsdriedaagse-30-januari-1-februari/

Do you want to live fully from a place of agency again within a year? Then sign up for the Helingsjaar (Healing Year). It is a year full of personal guidance, encouraging stories, new insights and support with your challenges. People who have gone before you call the year life-changing. The kick-off is on 17 April with a live day. For more information and access, see: https://ontdekjeheiligegraal.com/product/ontdek-je-heilige-graal-helingsjaar-start-17-april/

Interested in the (e-)book Ontdek je Heilige Graal or the accompanying workbook? Then check: https://ontdekjeheiligegraal.com/shop/

Want to be the first to know about all events or new plans from Ontdek je Heilige Graal? Then sign up for the newsletter: https://ontdekjeheiligegraal.com/nieuwsbrief

PolySécure Podcast
Teknik - The importance of open standards and a presentation of Open XDR Architecture (OXA) - Because... it's episode 0x698!

Jan 21, 2026 · 36:35

Because… it's episode 0x698!

Shameless plug
• 29 January 2026 - The Coming AI Hackers
• 25 and 26 February 2026 - SéQCure 2026 CfP
• 31 March to 2 April 2026 - Forum INCYBER - Europe 2026
• 14 to 17 April 2026 - Botconf 2026
• 28 and 29 April 2026 - Cybereco Cyberconférence 2026
• 9 to 17 May 2026 - NorthSec 2026
• 3 to 5 June 2026 - SSTIC 2026
• 19 September 2026 - Bsides Montréal

Description

Introduction

In this episode, David Bizeul and Nicolas explore interoperability between security components and present the Open XDR Architecture (OXA) project. The discussion highlights the challenges of the “best of breed” approach in the face of the platformization of the cybersecurity market, as well as innovative solutions for fostering interoperability.

The best-of-breed approach and its challenges

David Bizeul describes himself as a staunch advocate of the best-of-breed approach, which consists of selecting the best solution for each specific cybersecurity problem. This philosophy is part of Sekoia's DNA, where openness and interoperability are core values. However, the approach runs into a complex reality: although a product may be excellent in its field, it represents only one letter in the full alphabet of a cybersecurity workflow. The main challenge lies in competing with the large integrated platforms. These players, mostly American, have been able to buy up the competition for hundreds of millions or billions of dollars, creating complete A-to-Z offerings. Faced with this concentration, specialized vendors must find alternative ways to create value for their customers without the same financial resources.

The Open XDR Architecture (OXA) project

To address these issues, three French companies - Sekoia, HarfangLab and GLIMPS - collaborated to create OXA. Sekoia offers a SOC platform, HarfangLab an EDR solution, and GLIMPS a malware analysis solution. Together, they developed an open architecture for doing XDR (Extended Detection and Response) by fostering interoperability between different high-quality technology solutions. OXA's objective is to position itself against the platformizing players, not by following their model of aggressive acquisition, but by promoting standards, interoperability and open data formats. This approach aims to ease workflows between different security components.

The layers of OXA

Data formats

The first layer concerns the data formats generated and consumed by the various solutions. Historically, the market suffered from a proliferation of proprietary formats, making integration extremely complex. OXA builds on existing standards such as OCSF (Open Cybersecurity Schema Framework), which defines a framework for the different types of products and their relevant data fields. The goal is not to reinvent the wheel, but to promote what already exists and works well.

API specifications

The second layer addresses automation and communication between products. Unlike data formats, there is no standardized API specification for cybersecurity on the market. Each vendor develops its own proprietary APIs for communicating with EDRs, firewalls or SIEMs. OXA proposes an API specification defining how security components should interact: how to suspend a process on an EDR, how to add a detection rule to a SIEM, and so on. This standardization saves an enormous amount of engineering time. Instead of spending three days of integration per new product, multiplied by a hundred products (300 days of work), a standardized API would drastically reduce these integration times, to the benefit of the whole community.

Threat Intelligence distribution

The third layer concerns the dissemination of Threat Intelligence. The idea is that a customer who has already paid for a Threat Intelligence source should be able to distribute it to all of their security products, not just a few. This allows faster action, closer to the threat, by pushing the information directly to network equipment or endpoints even before alerts reach the SIEM.

The medical analogy and specialization

Nicolas draws a pertinent analogy with medicine to illustrate the evolution of cybersecurity. Fifteen years ago the field was relatively limited and rudimentary, comparable to general medicine a century ago. Today, just as in medicine no one would accept a general practitioner performing neurosurgery, cybersecurity requires specialists. Platformization no longer makes sense in a context where each area requires deep expertise. This specialization is also reflected at the level of professionals and companies. It is now impossible for one person to master every aspect of cybersecurity, just as a company cannot excel in every area at once.

Future vision and Cybersecurity Mesh Architecture

David Bizeul draws an interesting parallel between OXA and the Cybersecurity Mesh Architecture (CSMA) concept proposed by Gartner. CSMA represents a vision of the market in which cybersecurity is thought of as a set of components working in a chain. OXA is one way to operationalize that vision, giving customers the ability to choose the best products for their specific context while guaranteeing their interoperability. The project also includes a label system (bronze, silver, gold) allowing vendors to self-declare compatibility with different levels of OXA interoperability. The aim is to encourage customers to favour interoperability over platformization in their tenders and budgets.

Benefits for innovation

A particularly interesting aspect of OXA is its potential to foster innovation. A startup with a simple proof of concept can make itself OXA-compatible and be quickly integrated into the mature workflows of large organizations. For example, a startup developing a deepfake analysis solution could be brought into a cybersecurity workflow from its very beginnings, whereas in a classic model it would have had to wait through three years of maturation. For users, this approach also offers greater resilience: if a product no longer satisfies or its vendor goes bankrupt, it can easily be replaced by another OXA-compatible product, without major disruption to the workflow.

Conclusion

The OXA project, available on the Open Cybersecurity Alliance GitHub repository, represents an innovative approach to rethinking interoperability in cybersecurity. By promoting open standards and facilitating collaboration between specialized solutions, OXA offers a credible alternative to the dominant platformization, to the benefit of both vendors and end users.

Notes
• Open XDR Architecture: redefining the contours of XDR
• Open XDR architecture
• Open Cybersecurity Alliance Github opencybersecurityalliance/oxa

Contributors
Nicolas-Loïc Fortin
David Bizeul

Credits
Editing by Intrasecure inc
Premises provided by Sekoia

Anchored
Anchored Podcast Ep. 281: Spencer Siem — Guardians of the Feather

Anchored

Play Episode Listen Later Jan 13, 2026 77:02


Spencer Siem is a New Mexico–based fly fishing guide known for his deep knowledge of Southwestern waters and his connection to the Feather Thief legacy. Blending technical precision with a reverence for fly-tying history, Spencer approaches guiding as both craft and storytelling. His work reflects a respect for tradition, a curiosity for innovation, and a quiet dedication to passing the culture of fly fishing forward. In this episode of Anchored, we learn more about his story. Looking to go deeper with your learning? Come see what we've been working on at AnchoredOutdoors.com. We've built a library of 30 in-depth, sequentially organized Masterclasses taught by past guests of this podcast — and we've watched over 1,000 members grow their confidence and skills on the water. Want to check it out for free? No money down, no strings attached. Just head to anchoredoutdoors.com/premium-insiders/ Anchored listeners can get 10% off their first order with Skwala by using the code “anchored10” at check out. See for yourself at skwalafishing.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Radio München
They like it uncomfortable, cheap and fast: Streitpunkt München #1 - by Franziska von Lehel

Radio München

Play Episode Listen Later Jan 6, 2026 7:47


Streitpunkt München - In her column, Franziska von Lehel looks at small or large developments in this city that she, at any rate, finds remarkable and contentious. Today: The people of Munich like it uncomfortable, cheap and fast! The next installments follow every first Tuesday of the month in our programme Moment: Kultur between 3 and 4 pm, from 6 pm in the repeat, and can be listened to afterwards on our website and in the various podcast channels. Franziska von Lehel runs her own YouTube channel titled: Antworten bitte!

Die Wirtschaftsdoku | Inforadio
For employees there is bad news: they have to work more in the new year than in the previous one - on average 2.4 working days. That is because in 2026 more public holidays fall on a weekend. Should they therefore be made up, as in some

Die Wirtschaftsdoku | Inforadio

Play Episode Listen Later Jan 3, 2026 2:46


Employees have to work more in the new year than in the previous one - on average 2.4 working days. That is because in 2026 more public holidays fall on a weekend. Should they be made up, as in other European countries? By Tabea Schoser

CISSP Cyber Training Podcast - CISSP Training Program
CCT 310: Wi-Fi Hopping And Database Defense - CISSP Training

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Dec 29, 2025 43:57 Transcription Available


A neighboring Wi‑Fi, a handful of stolen credentials, and a quiet leap into a high‑value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems.

We start at the edge, where phishing, drive‑by downloads, and man‑in‑the‑middle still win far too often. You'll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role‑based access with tight segregation of duties.

Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one.

If you find this valuable, subscribe, share it with a teammate who owns Wi‑Fi or databases, and leave a quick review telling us the first control you'll implement this week. 
Your feedback helps more practitioners discover tools that actually reduce risk.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

MY DATA IS BETTER THAN YOURS
Cyber Security is Teamwork – with Dr. Marc A., Vodafone

MY DATA IS BETTER THAN YOURS

Play Episode Listen Later Dec 25, 2025 46:01 Transcription Available


Cyberattacks are no longer the exception, especially not for mid-sized companies. In this episode, Jonas Rashedi talks with Dr. Marc Atkins of Vodafone Business, who heads the new Cyber Security Center. Together they look at typical risks, real cases and practicable protective measures. Marc explains how phishing attacks unfold, why awareness is the first step, and what happens when nobody notices anything at all. He brings concrete examples: from Saturday attacks that are detected at night and automatically isolated, to old operating systems discovered during onboarding. What helps? Endpoint protection, firewall monitoring, Managed Detection & Response, and above all a partner who thinks along with you. An episode that shows security is achievable, if you take it seriously.

MY DATA IS BETTER THAN YOURS is a project of BETTER THAN YOURS, the brand for really good podcasts. Would you like to place targeted advertising in the podcast MY DATA IS BETTER THAN YOURS? Contact form: https://2frg6t.share-eu1.hsforms.com/2ugV0DR-wTX-mVZrX6BWtxg
Marc's LinkedIn profile: https://www.linkedin.com/in/dr-marc-atkins-669108a7/
Vodafone homepage: https://www.vodafone.de
All important links about Jonas and the podcast: https://linktr.ee/jonas.rashedi

00:00 Introduction & getting started
08:00 Threat landscape & misperceptions
16:00 Phishing & the human factor
24:00 Downtime, damage & reputational risks
30:00 MDR, SIEM, SOAR & emergency routines
40:00 NIS2, reporting obligations & processes
48:00 Skills shortage & diversity in security teams

Audience 1st
How to Stop Falling for Fake Cyber Threat Exposure Management (CTEM) Claims

Audience 1st

Play Episode Listen Later Dec 19, 2025 43:34


Every vendor in exposure management now says they do CTEM. Nick Lantuh's response: "You don't even know what you're talking about." This episode with Nick Lantuh (CyberProof) and Amy Chaney (Citibank) breaks down how a methodology became a meaningless marketing term and how buyers can fight back.

The reality check:
- CTEM requires connecting vuln scanning, endpoint, SIEM, cloud, email, network—not just one of them
- Adding CAASM or external attack surface management doesn't make you a CTEM vendor
- Most organizations doing "CTEM" are actually using spreadsheets and manual threat intel fusion
- Why services-led beats platform-first (60x revenue growth proved it)
- The disingenuity problem: vendors spray the term, buyers have to unpack it

Amy's evaluated these claims at the world's largest banks. Nick built the solution that actually connects the pieces. Together, they arm you with the filter.

Technology Tap
Incident Response and Forensics Essentials | CompTIA Security Exam Prep

Technology Tap

Play Episode Listen Later Dec 18, 2025 23:58 Transcription Available


professorjrod@gmail.com

In this episode of Technology Tap: CompTIA Study Guide, we dive deep into incident response, forensics, and monitoring essentials crucial for your tech exam prep. Learn the full incident response lifecycle—preparation, detection, analysis, containment, eradication, recovery, and lessons learned—to develop your IT skills and master concepts important for the CompTIA exam. We discuss how having a solid plan, defined roles, and effective communication helps IT teams maintain clarity when systems fail. Tune in for real-world examples showing how SOC analysts escalate brute force attacks, how teams preserve evidence for forensics, and how incident debriefs lead to stronger security measures like multi-factor authentication. This episode is an essential part of your CompTIA study guide and technology education journey.

We then turn to digital forensics and make it concrete. Legal hold, due process, and chain of custody aren't buzzwords—they're the difference between actionable findings and inadmissible claims. We break down the order of volatility, memory and disk acquisition, hashing, and write blockers, plus the reporting and e‑discovery steps that transform artifacts into a defensible narrative. If you've ever wondered when to pull the plug or why RAM matters, this segment gives you the why and the how.

Finally, we zoom out to monitoring and the tools that power modern security operations. From Windows logs and Syslog to IDS, IPS, NetFlow, and packet capture with Wireshark, we show how each source fits the puzzle. We unpack SIEM fundamentals—log aggregation, normalization, correlation, alert tuning—and share strategies to beat alert fatigue without missing true positives. To round it out, we offer certification guidance across A+, Network+, Security+, and Tech+, helping you choose the right path whether you're SOC-bound or supporting compliance from another business unit.

Subscribe for more practical cybersecurity breakdowns, share this with a teammate who needs a stronger IR playbook, and leave a review with your biggest monitoring or forensics question—we may feature it next time.

Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Technology Tap
Cloud Security Made Simple: Your CompTIA Security+ Study Guide

Technology Tap

Play Episode Listen Later Dec 11, 2025 27:03 Transcription Available


professorjrod@gmail.com

In this episode of Technology Tap: CompTIA Study Guide, we dive deep into cloud security fundamentals, perfect for those preparing for the CompTIA Security+ exam. Join our study group as we explore the shifting security landscape from locked server rooms to identity-based perimeters and data distributed across regions. This practical, Security+-ready guide connects architecture choices to real risks and concrete defenses, offering valuable IT certification tips and tech exam prep strategies. Whether you're focused on your CompTIA exam or looking to enhance your IT skills development, this episode provides essential insights to help you succeed in technology education and advance your career.

We start by grounding the why: elasticity, pay-per-use costs, and resilience pushed organizations toward public, private, community, and hybrid clouds. From there, we map service models—SaaS, PaaS, IaaS, and XaaS—and the responsibilities each one assigns. You'll hear how thin clients reduce device risk, why a transit gateway can become a blast radius, and where serverless trims surface area while complicating visibility. Misunderstanding the shared responsibility model remains the leading cause of breaches, so we spell out exactly what providers secure and what you must own.

Identity becomes the new perimeter, so we detail IAM guardrails: least privilege, no shared admins, MFA on every privileged account, short-lived credentials, and continuous auditing. We cover encryption in all three states with AES-256, TLS 1.3, HSMs, and customer-managed keys, then add CASB for SaaS control and SASE to bring ZTNA, FWaaS, and DLP to the edge where users actually work. Virtualization and containers deliver speed and density but expand the attack surface: VM escapes, snapshot theft, and poisoned images require hardened hypervisors, signed artifacts, private registries, secret management, and runtime policy. Hybrid and multi-cloud introduce inconsistent IAM and fragmented logging—centralized identity, unified SIEM, CSPM, and infrastructure-as-code guardrails bring discipline back.

We wrap with the patterns attackers exploit—public storage exposure, stolen API keys, unencrypted backups, and supply chain compromises—and the operating principles that stop them: zero trust, verification over assumption, and automation that responds at machine speed. Stick around for four rapid Security+ practice questions to test your skills and cement the concepts.

If this helped you study or sharpen your cloud strategy, follow and subscribe, share it with a teammate, and leave a quick review telling us which control you'll deploy first.

Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Monde Numérique - Jérôme Colombain

AI agents today enable "hyper-automation" of tasks in companies. That is the mission the French startup Mindflow has set itself.

Interview: Evan Bourgouin, Chief Operating Officer of Mindflow

Agentic hyper-automation: concretely, what does it change for companies?

We automate repetitive tasks wherever a human, a computer and a process come into play. Many organizations already use services such as AWS, Microsoft Azure, or Salesforce and SAP, but these systems often remain siloed. At Mindflow, our obsession is integration: connecting every service, every operation, at the most granular level. On that basis, we automate processes in cybersecurity, IT or human resources, for example onboarding an employee: creating access, roles and accounts on tools like Jira or a CRM. These are indispensable tasks, but not the ones where human value is highest.

What is the impact on cybersecurity and on team workload?

In cybersecurity, receiving 100 alerts a day on a SIEM such as Splunk or Microsoft Sentinel has become common. With a small team, some of them inevitably end up not being handled. So we automate part of these responses, while keeping the human in the loop. This radically changes the daily routine: it is a sector where burnout is very high. Young analysts arrive and get swamped by repetitive tasks. By removing that burden, we let them focus on analyzing and resolving new threats. Users range from the C-level down to the apprentice: each regains the ability to create and to improve their work by relying on the platform.

Automation or agentic: how do you explain the difference?

Automation is deterministic: same input → same output. Agentic, on the other hand, adapts its behaviour to the context, for example a different alert on ServiceNow or an anomaly detected in an ERP. But we don't need AI everywhere: some companies do not want to send their data into AI models for confidentiality reasons. The real difference is that we have solved the integration problem, which makes Mindflow "the last-mile AI". Once you know how to connect to AWS, Azure, Salesforce, Jira, an ERP or a data lake, the agent can really act. Without integration, nothing is possible.

How does a company start an automation project?

It all starts with internal will and a favourable culture. With our customers, often large groups such as LVMH, Hermès, Thales or Auchan, we carry out an assessment: where are the bottlenecks, which teams are overloaded, which profiles want to become "builders". Once integration is done, everything accelerates. The quick wins are frequently in cyber, IT or operational support, but each company has its own use cases, even if they sometimes use the same tools.

-----------
♥️ Support: https://mondenumerique.info/don

Defense in Depth
How To Tell When a Vendor is Selling AI Snake Oil

Defense in Depth

Play Episode Listen Later Dec 4, 2025 33:51


All links and images can be found on CISO Series. Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast.

In this episode:
- Understanding the fundamentals
- The grift of superficial expertise
- Hands-on experience matters
- A vulnerability at the leadership level

Huge thanks to our sponsor, Stellar Cyber
By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes AI-driven SIEM, NDR, ITDR, Open XDR, and Multi-Layer AI™ under one unified platform with a single license. With ⅓ of the global top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at https://stellarcyber.ai/.

Technology Tap
Endpoint Security Threats and Defenses | Cybersecurity Fundamentals Chapter 10

Technology Tap

Play Episode Listen Later Dec 4, 2025 30:43 Transcription Available


professorjrod@gmail.com

In this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.

We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.

Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, side loading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.

The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.

Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Cloud Security Podcast
SIEM vs. Data Lake: Why We Ditched Traditional Logging?

Cloud Security Podcast

Play Episode Listen Later Dec 2, 2025 46:53


In this episode, Cliff Crosland, CEO & co-founder of Scanner.dev, shares his candid journey of trying (and initially failing) to build an in-house security data lake to replace an expensive traditional SIEM. Cliff explains the economic breaking point where scaling a SIEM became "more expensive than the entire budget for the engineering team". He details the technical challenges of moving terabytes of logs to S3 and the painful realization that querying them with Amazon Athena was slow and costly for security use cases.

This episode is a deep dive into the evolution of logging architecture, from SQL-based legacy tools to the modern "messy" data lake that embraces full-text search on unstructured data. We discuss the "data engineering lift" required to build your own, the promise (and limitations) of Amazon Security Lake, and how AI agents are starting to automate detection engineering and schema management.

Guest Socials - Cliff's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:25) Who is Cliff Crosland?
(03:00) Why Teams Are Switching from SIEMs to Data Lakes
(06:00) The "Black Hole" of S3 Logs: Cliff's First Failed Data Lake
(07:30) The Engineering Lift: Do You Need a Data Engineer to Build a Lake?
(11:00) Why Amazon Athena Failed for Security Investigations
(14:20) The Danger of Dropping Logs to Save Costs
(17:00) Misconceptions About Building Your Own Data Lake
(19:00) The Evolution of Logging: From SQL to Full-Text Search
(21:30) Is Amazon Security Lake the Answer? (OCSF & Custom Logs)
(24:40) The Nightmare of Log Normalization & Custom Schemas
(28:00) Why Future Tools Must Embrace "Messy" Logs
(29:55) How AI Agents Are Automating Detection Engineering
(35:45) Using AI to Monitor Schema Changes at Scale
(39:45) Build vs. Buy: Does Your Security Team Need Data Engineers?
(43:15) Fun Questions: Physics Simulations & Pumpkin Pie

@BEERISAC: CPS/ICS Security Podcast Playlist
S2 E8: The Value of ICS & OT Exercises

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Nov 28, 2025 23:23


Podcast: Simply ICS Cyber
Episode: S2 E8: The Value of ICS & OT Exercises
Pub date: 2025-11-19

In this episode of Simply ICS Cyber, Don and Tom welcome Sam Blaney, retired Chief Warrant Officer (CW3) from the Georgia National Guard and current cybersecurity professor at the University of North Georgia.

Sam shares insights from his career building and leading Cyber Protection Team 170, his transition into teaching, and his continued work helping state and local governments strengthen cybersecurity.

The conversation digs into Sam's recent experience coaching students at the Department of Energy CyberForce Competition, where the University of North Georgia team defended a simulated offshore drilling platform with both IT and OT components.

Sam discusses what made the event realistic, how students approached identity and access management, OT network analysis, and what they learned about preparation, tooling, and industrial control system challenges.

The group also explores:
- Effective defense preparation for cyber competitions
- Building and tuning SIEM tools for constrained environments
- The value of exercises like CCDC and CyberShield
- How multidisciplinary tabletops improve communication across organizations
- The increasing role of AI in attack and defense, including the Anthropic AI-assisted malware research
- Concerns about AI-driven automation, skill multiplier effects, and the importance of understanding fundamentals

Resources:
Sam Blaney: https://www.linkedin.com/in/samblaney65/
University of North Georgia: https://ung.edu/
DOE CyberForce Program: https://cyberforce.energy.gov/
US CyberCom: https://www.cybercom.mil/
National Guard Cyber Defense Team: https://www.nationalguard.mil/Portals/31/Resources/Fact%20Sheets/Cyber%20Defense%20Team%202022.pdf
National Guard CyberShield: https://www.dvidshub.net/feature/CyberShield25
Anthropic Malware Write-up: https://www.anthropic.com/news/disrupting-AI-espionage

Humanitarian AI Today
Siem Vaessen from Zimmerman on IATI, AI and the Development Aid Landscape

Humanitarian AI Today

Play Episode Listen Later Nov 23, 2025 43:51


In this episode of the Humanitarian AI Today podcast, Siem Vaessen, CEO of Zimmerman and an IATI Governing Technical Board Member, and Sylvan Ridderinkhof, Data Engineer at Zimmerman, joined Brent Phillips to discuss the critical intersection of artificial intelligence, open data, and humanitarian collaboration amidst a rapidly changing and advancing landscape. Drawing on insights from the NetHope Summit, the guests highlighted a consensus that the sector must collaborate more closely around AI and open data sharing, a necessity largely driven by significant cuts in aid funding. Siem, Sylvan and Brent discussed Zimmerman's long-standing commitment to the International Aid Transparency Initiative (IATI), an open data sharing framework widely used by humanitarian organizations to share granular information on aid activities, transactions and results. The discussion delved into Zimmerman's work and its future roadmap, focusing on enhancing the usability and quality of IATI data and on simplifying the complex process of reporting aid activities through IATI. They touched on the launch of Zimmerman's updated AIDA (Aid Information Data Analytics) data platform and on other Zimmerman products and services tailored for the humanitarian aid and development communities and how they're looking at ways of leveraging AI to improve search capabilities and support data enrichment processes. They also however caution listeners on risks posed by AI adoption, capable of potentially impacting IATI data quality and usability. Because AI models and agents aren't natively trained to understand complex and subtle differences in ways that organizations report aid activities and publish their data, AI applications risk misinterpreting aid activity information. The use of AI applications to enhance and augment IATI data could add to these challenges, making complex, granular analysis of IATI data difficult or prone to misinterpretation without measures being taken to mitigate these risks. 
Ultimately, the guests stressed that the progress of humanitarian technology hinges not just on powerful tools but on responsible innovation and a greater commitment to collaboration, including actively engaging with local actors and organizations that may traditionally be excluded from technical discussions on uses of AI. Interview notes: https://humanitarianaitoday.medium.com/siem-vaessen-from-zimmerman-on-iati-collaboration-around-ai-and-the-development-aid-landscape-ebd36e0f20e9

Cloud Security Podcast
How to Build Trust in an AI SOC for Regulated Environments

Cloud Security Podcast

Play Episode Listen Later Nov 18, 2025 42:15


How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game.

The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?). Grant talks about the critical architectural components for regulated industries, including single-tenancy, bring-your-own-cloud (BYOC) for data sovereignty, and model portability.

In this episode we will be comparing AI SOC to traditional MDRs and talking about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes.

Guest Socials - Grant's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

(00:00) Introduction
(02:00) Who is Grant Oviatt?
(02:30) How to Establish Trust in an AI SOC for Regulated Environments
(03:45) Explainability vs. Traceability: The Two Pillars of Trust
(06:00) The "Hard SOC Life": Pre-AI vs. AI SOC
(09:00) From AI Skeptic to AI SOC Founder: What Changed?
(10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces
(12:30) What Regulated Bodies Expect from an AI SOC
(13:30) Data Management: The Key for Regulated Industries (PII/PHI)
(14:40) Why Point-in-Time Queries are Safer than a SIEM
(15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services
(16:20) Single-Tenant Architecture & No Training on Customer Data
(17:40) Bring-Your-Own-Model: The Rise of Model Portability
(19:20) AI SOC vs. MDR: Can it Replace Your Provider?
(19:50) The 4-Minute Investigation: Speed & Custom Detections
(21:20) The Reality of Building Your Own AI SOC (Build vs. Buy)
(23:10) Managing Model Drift & Updates
(24:30) Why Prophet Avoids MCPs: The Lack of Auditability
(26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting)
(27:40) The Future: From "Human in the Loop" to "Manager in the Loop"
(28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed)
(29:20) The Red Lines: What AI Shouldn't Automate (Yet)
(30:20) The Problem with "Creative" AI Remediation
(33:10) What AI SOC is Not Ready For (Risk Appetite)
(35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement)
(37:40) Fun Questions: Iron Mans, Texas BBQ & Seafood

Thank you to Prophet Security for sponsoring this episode.

Cloud Security Podcast by Google
EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success

Cloud Security Podcast by Google

Play Episode Listen Later Nov 17, 2025 35:53


Guests: Alexander Pabst, Deputy Group CISO, Allianz; Lars Koenig, Global Head of D&R, Allianz

Topics:
Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like?
Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents? Where did you draw the line between fully automated action and the mandatory "human-in-the-loop" for investigation or response?
Agentic triage is only as good as the data it analyzes. From your perspective, what were the biggest challenges - and wins - in ensuring the data fidelity, freshness, and completeness in your SIEM to fuel reliable agent decisions?
We've been talking about SOC automation for years, but this agentic wave feels different. As a deputy CISO, what was your primary, non-negotiable goal for the agent? Was it purely Mean Time to Respond (MTTR) reduction, or was the bigger strategic prize to fundamentally re-skill and uplevel your Tier 2/3 analysts by removing the low-value alert noise?
As you built this out, were there any surprises along the way that left you shaking your head or laughing at the unexpected AI behaviors?
We felt a major lack of proof - Anton kept asking for pudding - that any of the agentic SOC vendors we saw at RSA had actually achieved anything beyond hype! When it comes to your org, how are you measuring agent success? What are the key metrics you are using right now?

Resources:
EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
EP242 The AI SOC: Is This The Automation We've Been Waiting For?
EP249 Data First: What Really Makes Your SOC 'AI Ready'?
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
"Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog
"How Google Does It: Building AI agents for cybersecurity and defense" blog
Company annual report to look for risk
"How to Win Friends and Influence People" by Dale Carnegie
"Will It Make the Boat Go Faster?" book

CIAOPS - Need to Know podcasts
Episode 355 - Learning reboot

CIAOPS - Need to Know podcasts

Play Episode Listen Later Nov 16, 2025 39:07


In this episode of the Need to Know Podcast, we explore the evolving landscape of learning in the Microsoft Cloud ecosystem, with a spotlight on the SMB market. From the latest in Microsoft 365 Copilot innovations to critical cybersecurity updates and the end of CIAOPS Academy, this episode delivers essential insights for IT professionals and business leaders navigating the modern digital workplace.

Resources
Explore the tools, communities, and content mentioned in this episode:
CIAOPS Need to Know Podcast: https://ciaops.podbean.com/
CIAOPS Blog: https://blog.ciaops.com/
CIAOPS Labs: https://blog.ciaopslabs.com/
CIAOPS Brief: https://blog.ciaops.com/tag/cia-brief/
Join the Teams Shared Channel: https://blog.ciaops.com/2022/07/29/join-my-teams-shared-channel/
CIAOPS Merch Store: https://my-store-c5d877-2.creator-spring.com/
Become a Patron: https://www.ciaopspatron.com/
Direct Support: https://ko-fi.com/ciaops
Get Your M365 Questions Answered: https://blog.ciaops.com/2025/06/11/get-your-m365-questions-answered-via-email-2/
Test Your Microsoft 365 Speed: https://blog.ciaops.com/2025/07/21/test-your-microsoft-365-speed-in-seconds-for-free/
CIAOPS Email list - https://bit.ly/cia-email

Announcements
Flight School: Mastering Copilot for IT Pros – https://blog.ciaops.com/2025/11/14/flight-school-mastering-copilot-for-it-pros/
Disabling Office Macros via ASR to Meet Essential Eight Requirements – https://blog.ciaops.com/2025/11/13/disabling-office-macros-via-asr-to-meet-essential-eight-requirements/
ASD OWA settings check script – https://blog.ciaops.com/2025/11/13/asd-owa-settings-check-script/
ASD Mailflow settings check script – https://blog.ciaops.com/2025/11/12/asd-mailflow-settings-check-sript/
CIAOPS Academy deprecation notification – https://blog.ciaops.com/2025/11/10/ciaops-academy-deprecation-notification/

Show Notes
The next chapter of the Microsoft–OpenAI partnership – https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/
Automate with Workflows Agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=Vvk1ScZT-lo
Introducing Researcher with Computer Use in Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-researcher-with-comput…
Build apps in minutes with App Builder agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=v27H_R1ltB0
Microsoft 365 Copilot now enables you to build apps and workflows – https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you
Introducing Teams Mode for Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-teams-mode-for-microso…
Introducing MAI-Image-1, debuting in the top 10 on LMArena – https://microsoft.ai/news/introducing-mai-image-1-debuting-in-the-top-10-on-lmarena/
Building human-centric security skills for AI – https://techcommunity.microsoft.com/blog/microsoftlearnblog/building-human-centric-security-skills-…
GenAI vs Cyber Threats: Why GenAI Powered Unified SecOps Wins – https://techcommunity.microsoft.com/blog/microsoft-security-blog/genai-vs-cyber-threats-why-genai-p…
What's new in Microsoft 365 Copilot | October 2025 – https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36…
The 5 generative AI security threats you need to know about detailed in new e-book – https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-n…
SharePoint Showcase highlights: Smarter Copilot responses using metadata with the Knowledge Agent – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-sma…
Work smarter with Copilot in the People, Files, and Calendar apps – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/work-smarter-with-copilot-in-the-p…
The weakest link: Stolen staff passwords now the biggest cyber threat to workplaces – https://www.smh.com.au/politics/federal/the-weakest-link-stolen-staff-passwords-now-the-biggest-cyb…
Cyber security priorities for boards of directors 2025-26 – https://www.cyber.gov.au/business-government/protecting-business-leaders/cyber-security-for-busines…
Secure external attachments with Purview encryption – https://techcommunity.microsoft.com/blog/azurepurviewblog/secure-external-attachments-with-purview-…
What's New in Microsoft Intune: October 2025 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune…
Custom detections are now the unified experience for creating detections in Microsoft Defender – https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/custom-detections-are-now-th…
10 ways Microsoft Intune supports a smooth upgrade to Windows 11 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/10-ways-microsoft-intune-supports-a-sm…
How Windows 11 and AI are transforming the future of work – https://techcommunity.microsoft.com/blog/windows-itpro-blog/how-windows-11-and-ai-are-transforming-…
Security Copilot Agents: The New Era of AI, Driven Cyber Defense – https://techcommunity.microsoft.com/blog/microsoft-security-blog/security-copilot-agents-the-new-er…
6 truths about migrating Microsoft Sentinel to the Defender portal – https://techcommunity.microsoft.com/blog/microsoftsentinelblog/6-truths-about-migrating-microsoft-s…
Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM – https://www.microsoft.com/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartn…
Extortion and ransomware drive over half of cyberattacks – https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
Microsoft 365 Insider Round-Up: October 2025 – https://www.linkedin.com/pulse/microsoft-365-insider-round-up-october-2025-microsoft-365-insider-ub…
Making every Windows 11 PC an AI PC – https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/
Microsoft raises the bar: A smarter way to measure AI for cybersecurity – https://www.microsoft.com/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-…
Building a lasting security culture at Microsoft – https://www.microsoft.com/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-mic…
Satya – My annual letter: Thinking in decades, executing in quarters – https://www.linkedin.com/pulse/my-annual-letter-thinking-decades-executing-quarters-satya-nadella-7…

ITSPmagazine | Technology. Cybersecurity. Society
How to Make One SOC Analyst Work Like Ten: Stop Normalizing Everything—Start Solving Something | A Crogl Brand Story Conversation with CEO, Monzy Merza

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 11, 2025 39:06


When "Normal" Doesn't Work: Rethinking Data and the Role of the SOC Analyst

Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.

Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate.

The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.

Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.

For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.

The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.

Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdk
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content.

GUEST
Monzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/

RESOURCES
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Brand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cloud Security Podcast by Google
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?

Cloud Security Podcast by Google

Play Episode Listen Later Nov 3, 2025 29:21


Guest: Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng

Topics:
Are we really coming to "access to security data" and moving away from "centralizing the data"?
How do you detect without the same storage for all logs?
Is the data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
Tell us about the issues with log pipelines in the past.
What about enrichment? Why do it in a pipeline, and not in a SIEM?
We are unable to share enough practices between security teams. How are we fixing it? Are pipelines part of the answer?
Do you have a piece of advice for people who want to do more than save on their SIEM costs?

Resources:
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
Axoflow podcast and Anton on it
"Decoupled SIEM: Where I Think We Are Now?" blog
"Decoupled SIEM: Brilliant or Stupid?" blog
"Output-driven SIEM — 13 years later" blog

The Cybersecurity Defenders Podcast
#262 - Defender Fridays: What does "AI-ready SOC" actually mean? With Dr. Anton Chuvakin from CISO, Google Cloud

The Cybersecurity Defenders Podcast

Play Episode Listen Later Oct 31, 2025 35:13


Dr. Anton Chuvakin, Security Advisor at the Office of the CISO, Google Cloud, and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.

Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.

Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.

Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst on the Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of the books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Backup Central's Restore it All
Detect Ransomware Before It Destroys Your Business

Backup Central's Restore it All

Play Episode Listen Later Oct 27, 2025 33:56 Transcription Available


Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

Cloud Security Podcast
Can You Build an AI SOC with Claude Code? The Reality vs. Hype

Cloud Security Podcast

Play Episode Listen Later Oct 21, 2025 47:39


Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce, argues that the reality is far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.

We speak about the foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately. The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection.

This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".

Guest Socials - Ariful's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:30) Who is Ariful Huq?
(03:40) Can You Just Use Claude Code to Build an AI SOC?
(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs
(08:15) The Importance of Data: Beyond Logs to Config, Code & Context
(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)
(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs
(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges
(17:20) Why SIEM Might Not Be Good Enough Anymore
(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy
(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing
(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)
(31:40) Building Trust & Transparency in AI SOCs
(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer
(42:15) Final Questions: Running, Family, and Turkish Food

CISSP Cyber Training Podcast - CISSP Training Program
CCT 290: CISSP Rapid Review Exam Prep (Domain 7) - Part #1

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Oct 20, 2025 39:58 Transcription Available


Headlines about a massive F5 Big-IP exposure aren't noise—they're a masterclass in why Security Operations must be disciplined, fast, and auditable. We open with what the F5 situation means for enterprise risk, patch urgency, and long-term persistence threats, then shift into a practical, exam-ready walkthrough of CISSP Domain 7. The goal: help you think like an operator and answer like a pro when pressure spikes.

We map investigations from preparation to presentation, showing how evidence collection, handling, and chain of custody turn raw logs into defensible findings. You'll hear how live versus dead forensics trade-offs play out, which artifacts matter across endpoints, networks, and mobile, and why standardized procedures keep teams synchronized. From there, we connect visibility to action: IDS and IPS for detection and control, SIEM for correlation and retention, and egress monitoring to catch data theft and command-and-control that slip past perimeter thinking. Threat intelligence and UEBA add context and behavior baselines so you find the meaningful anomalies without drowning in alerts.

We also dig into the operational backbone that keeps environments stable: configuration management, security baselines, and automation to eliminate drift and reduce manual error. Then we anchor on foundational principles—least privilege, need-to-know, separation of duties, job rotation, and PAM—to limit blast radius when credentials or processes fail. Finally, we close with resource protection and media management: classification, encryption, verifiable backups, and secure disposal and transport, so your controls hold up under legal scrutiny and real-world adversaries.

Whether you're tightening controls after the F5 news or sharpening focus for the CISSP, this guide to Domain 7 gives you a clear, actionable path. If this was helpful, follow the show, share it with a teammate, and leave a quick review—what Security Operations topic should we explore next?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

CISSP Cyber Training Podcast - CISSP Training Program
CCT 288: CISSP Rapid Review Exam Prep (Domain 6)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Oct 13, 2025 50:27 Transcription Available


Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
https://www.jeffersonfisher.com/

A spike in ransomware on the factory floor isn't just a headline; it's a stress test for how we design, segment, and measure our defenses. We open with the realities of manufacturing risk—legacy OT, flat networks, and high stakes for uptime—then translate that urgency into a practical walkthrough of CISSP Domain 6: the assessments, testing, and metrics that actually prove security works. Along the way, we share a surprising leadership edge from a trial lawyer's communication book that helps you argue less, align faster, and get executive buy‑in when the first vuln report lights up like a Christmas tree.

We break down internal vs external audits and when each makes sense, plus a smart cadence for third‑party and supply chain reviews that acknowledges your perimeter now includes APIs and vendor tunnels. From vulnerability scans and scoped penetration tests to SIEM‑driven log reviews and synthetic transactions, we map out a toolkit that catches issues before users do. We go deeper on secure code reviews, unit/integration testing, and interface testing for APIs, because the quiet paths between services are often where real risk hides.

Then we shift to the machinery of proof: breach and attack simulation for continuous validation, compliance checks to spot drift, and the metrics that matter—MTTD, MTTR, patch rates, vuln density, mean time to report. We lay out how to run account reviews, verify backups you can trust, and exercise DR/BC so recovery is muscle memory. Finally, we tackle remediation prioritization, exception handling with compensating controls, and ethical disclosure that minimizes harm while nudging vendors to act.

If you're preparing for the CISSP or elevating your program, you'll leave with a clearer map and concrete next steps. If this helped, follow the show, share it with a teammate, and drop a review—what's one control or metric you're upgrading this quarter?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

M wie Marlene - Wie gelingt das Leben?
Childhood Without a Father and How It Shapes Images of Men (with Amira Aly) – The Tearful Episode #57

M wie Marlene - Wie gelingt das Leben?

Play Episode Listen Later Oct 5, 2025 53:40 Transcription Available


Amira Aly lets us look deep into her soul. Our conversation is honest and impressively reflective. She speaks about her childhood without a father and the image of men that grew out of it, and about how it affects her relationships to this day. After her separation from Oli Pocher, both are trying to remain a good family. We have all seen that this wasn't always easy. But something has changed. What that is, we discuss today. At one point I, too, break into tears. Why, you'll find out in this episode. But where does the pain come from? Amira talks about situations from her childhood and teenage years, about the anger and the loneliness, and about things she has never spoken about publicly before. When what we long for most isn't there, then we women have to become strong and rely on ourselves. That is a good thing. But it also has its dark sides. Still, conversations help. Always. It's lovely that you are part of this.

Cyber Crime Junkies
BIG LIES in Cybersecurity--Why We Need to Rebuild the Industry

Cyber Crime Junkies

Play Episode Listen Later Oct 4, 2025 52:53 Transcription Available


In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over. Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking

Cloud Security Podcast
The Truth About AI in the SOC: From Alert Fatigue to Detection Engineering

Cloud Security Podcast

Play Episode Listen Later Oct 3, 2025 45:39


"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management.Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.Guest Socials -⁠ ⁠⁠⁠Allie's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security 
PodcastQuestions asked:(00:00) Introduction(02:35) Who is Allie Mellen?(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup(06:20) The Rise of Security Data Lakes & Data Pipeline Tools(09:20) A "Great Reset" is Coming for the SOC(10:30) Why the L1/L2/L3 Model is a Burnout Machine(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"(17:10) Using AI Hallucinations as a Feature for New Detections(18:30) AI in the SOC: Separating Hype from Reality(22:30) What is "Agentic AI" (and Are We There Yet?)(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge(28:10) The Critical Role of Observability Data for AI Security(31:30) Are SOC Teams Actually Using AI Today?(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill(39:20) The 3 Things to Look for When Buying Security AI Tools(41:40) Final Questions: Reading, Cooking, and SushiResources:You can read Allie's blogs here

The Pure Report
The Cyber Guys: How to Prepare, Respond, and Recover to Keep Your Business Running

The Pure Report

Play Episode Listen Later Sep 30, 2025 48:51


October is Cybersecurity awareness month. Get ready to explore the imperative of cyber resiliency in today's digital landscape, focusing on strategies for robust data infrastructures and shared responsibility to plan and recover from cyber attacks. Join Pure Storage cyber experts Scott Taylor and Jason Walker as they delve into the critical aspects of cyber resilience. Learn best practices around how to prepare your organization for potential threats, respond effectively during an attack, and recover swiftly to maintain business continuity. We explore essential hygiene factors, the role of SIEM technology, and the importance of a layered resilience strategy, including insights from key alliance partners like Varonis and Superna. We also cover ways that Pure Storage empowers users to withstand cyberattacks and accelerate both cyber and disaster recovery. Hear best practices on how to protect data from ransomware and cyber threats through high-performance, layered resilience, robust data security and immutability, and seamless security integrations. Scott and Jason also tackle common myths and misconceptions about cyber resilience, providing actionable advice to help IT leaders identify and address blind spots. Tune in for hot takes on industry trends and a "Storage Confessions" segment where listeners can share their own screw-up stories.

Analyse Asia with Bernard Leong
The Truth About Enterprise AI & Why Data Matters with Nick Eayrs and Simon Fassot

Analyse Asia with Bernard Leong

Play Episode Listen Later Sep 25, 2025 55:02


"I think the biggest trap to potentially fall into is, 'Hey, it's moving so fast, so much is changing. Let's just wait it out.' Completely the wrong approach. You just gotta get started." - Nick Eayrs from Databricks

"As tech people within the shipping industry, how do we explain, how do we make it accessible to all our users? So that's where we came up with the idea of a data supermarket, with in mind really the target of enabling self-service for our business. So by giving the analogy of a supermarket, it was much easier at the beginning to explain our business." - Simon Fassot from Hafnia

Fresh out of the studio, Nick Eayrs, Vice President of Field Engineering for Asia Pacific and Japan at Databricks, and Simon Fassot, General Manager and Head of Global Data and Analytics at Hafnia, join us to explore how data intelligence is transforming enterprise AI across diverse industries in Asia. Nick explained the fundamental distinction between general intelligence and data intelligence, emphasizing how enterprises gain competitive advantage by training AI on their proprietary data rather than public knowledge. Nick showcased customer success stories including Standard Chartered Bank and TechComBank and shared his perspectives on how senior executives can take advantage of AI by moving fast rather than taking a wait-and-see approach. Last but not least, Nick offered what great would look like for Databricks in Asia Pacific and Japan in serving their customers. Adding the lens of the customer, Simon shared Hafnia's transformation from legacy SQL Server systems to a unified Databricks architecture serving their global shipping operations and elaborated on how the company is breaking down silos with their data supermarket and "Marvis" AI copilot for maritime operations based on retrieval augmented generation. This is Part 1 from Databricks Data + AI Event Singapore.
Episode Highlights:
[00:00] QOTD by Nick Eayrs and Simon Fassot
[00:49] Introduction: Nick Eayrs from Databricks
[03:32] Customer obsession means deeply understanding their business context
[05:22] Data intelligence versus artificial general intelligence explanation begins
[06:42] AI trained on your data creates competitive advantage
[08:17] Only 15% of companies have correct AI infrastructure ready
[11:17] Don't wait for AI perfection, just get started now
[12:30] Agent Bricks simplify AI development using natural language
[13:49] Standard Chartered Bank cybersecurity use case with SIEM
[16:22] TechCom Bank in Vietnam customer brain with 12,000 customer attributes
[18:32] Shared responsibility model for ethical AI deployment
[25:24] Asia Pacific psychology focuses on future, not past
[26:28] Most important question: How do you get started?
[30:18] What does great look like for Databricks?
[33:16] Introduction: Simon Fassot from Hafnia
[35:18] How Hafnia transformed to a full cloud architecture that centralizes data through Databricks
[36:28] Self-service access needed for 300 onshore, 4000 vessel employees
[37:00] Three user types: operations, business intelligence, domain experts and Use Cases for Hafnia
[41:32] Unity catalog controls data quality for AI cases
[42:21] Two-phase Gen AI: ingest unstructured, then consume data
[44:25] How to implement Generative AI: One bad AI answer loses all user trust
[45:31] How reports in Hafnia use RAG embedded in workflows
[46:47] Data supermarket analogy simplifies self-service for business
[48:39] Marvis AI personalizes Gen AI within company context
[49:46] Neo4j partnership adds graph capabilities to ecosystem
[53:33] DNA Port platform unifies scattered dashboards and applications
[54:22] Databricks enables focus on business value over operations

Profiles:
Nick Eayrs, Vice President of Field Engineering, Asia Pacific & Japan at Databricks. LinkedIn: https://www.linkedin.com/in/nick-eayrs/
Simon Fassot, General Manager and Head of Global Data and Analytics at Hafnia. LinkedIn: https://www.linkedin.com/in/simon-fassot-68b95135/

Podcast Information: Bernard Leong hosts and produces the show. The proper credits for the intro and end music are "Energetic Sports Drive." G. Thomas Craig mixed and edited the episode in both video and audio format. Here are the links to watch or listen to our podcast.
Analyse Asia Main Site: https://analyse.asia
Analyse Asia Spotify: https://open.spotify.com/show/1kkRwzRZa4JCICr2vm0vGl
Analyse Asia Apple Podcasts: https://podcasts.apple.com/us/podcast/analyse-asia-with-bernard-leong/id914868245
Analyse Asia LinkedIn: https://www.linkedin.com/company/analyse-asia/
Analyse Asia X (formerly known as Twitter): https://twitter.com/analyseasia
Sign Up for Our This Week in Asia Newsletter: https://www.analyse.asia/#/portal/signup
Subscribe Newsletter on LinkedIn: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7149559878934540288

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Sep 12, 2025 6:38


DShield SIEM Docker Updates
Guy updated the DShield SIEM, which graphically summarizes what is happening inside your honeypot.
https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276

Again: Sonicwall SSL VPN Compromises
The Australian Government's Signals Directorate noted an increase in compromised Sonicwall devices.
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia

Website Keystroke Logging
Many websites log every keystroke, not just data submitted in forms.
https://arxiv.org/pdf/2508.19825

Detection at Scale
Databricks' Dave Herrald on Building SOCs with Data Lakes & Focused AI Agents

Detection at Scale

Play Episode Listen Later Sep 4, 2025 35:01


Dave Herrald, Global Head of Cybersecurity GTM at Databricks, tells Jack about transforming security operations through modern data lake architectures and strategic AI implementation. He discusses the practical benefits of separating storage from compute, giving security teams direct control over data retention while maintaining operational flexibility. The conversation explores how organizations can move beyond traditional SIEM limitations by leveraging cost-effective data lake storage with advanced analytics capabilities. They touch on AI agents in security, where Dave advocates for focused agents over broad analyst replacement approaches. He also addresses common concerns about hallucinations, framing them as engineering challenges rather than insurmountable obstacles, and shares real-world examples of successful agent implementations.

Topics discussed:
Moving from traditional SIEM architectures to modern data lake approaches for cost-effective security analytics and data control.
Implementing focused AI agents for specific security tasks like context gathering rather than attempting broad analyst replacement.
Leveraging graph analytics for security operations including CMDB visualization, breach scoping, and vulnerability prioritization across enterprise environments.
Addressing AI hallucinations through prompt engineering and proper context management rather than avoiding AI implementation entirely.
Building detection capabilities using SQL and Python for analytics that provide supersets of traditional SIEM query languages.
Creating normalization frameworks using standards like OCSF to enable consistent data analytics across diverse security data sources.
Developing career resilience in security through mission-focused thinking, continuous AI learning, and building practical skills.
Comparing modern AI agents to traditional SOAR platforms for automation effectiveness and maintenance requirements.
Establishing data governance and access controls in security data lakes while maintaining operational flexibility and cost effectiveness.

Listen to more episodes: Apple, Spotify, YouTube, Website

Identity At The Center
#367 - RSM & IDAC Present - The Intersection of Attack Surface Management and Identity

Identity At The Center

Play Episode Listen Later Aug 18, 2025 51:47


Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM's Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.

Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.

Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways. Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.

Chapter Timestamps
00:00 - Introduction and Industry Trends
01:00 - AI and Technology Disruption Discussion
02:00 - Upcoming Conference Schedule and Discount Codes
04:00 - Podcast Milestone - Approaching One Million Downloads
06:30 - Introducing Dan Lauritzen and RSM Defense Team
09:00 - Dan's Background - From Military to Cybersecurity
12:00 - What is Attack Surface Management?
14:00 - Treating Identities as Assets
16:00 - The Cyber Kill Chain Explained
18:00 - Why Identity and SOC Teams Operate in Silos
21:00 - The Role of Data in Modern Security Operations
23:00 - Continuous Identity Management and Shared Signals Framework
26:00 - Can You Have Too Much Data?
29:00 - Breaking Down Silos Between Identity and SOC Teams
32:00 - Practical Collaboration Strategies
34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape
41:00 - Pragmatic Security Strategies and Metrics
44:00 - Biggest Misconceptions About Attack Surface Management
45:00 - Military Background - Human Intelligence Collection
48:00 - Communication Tips for Better Information Gathering
51:00 - Closing and Contact Information

Connect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/
Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chain
Learn more about RSM:
RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.html
RSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy

ITSPmagazine | Technology. Cybersecurity. Society
Black Hat 2025: Crogl's CEO Monzy Merza Explains How AI Can Help Eliminate Alert Fatigue in Cybersecurity | A Black Hat USA 2025 Conference On Location Brand Story

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Aug 13, 2025 19:05


Crogl CEO Monzy Merza discusses how AI-driven security platforms automate alert investigation using enterprise knowledge graphs, enabling analysts to focus on threat hunting while maintaining data privacy.

Security teams drowning in alerts finally have a lifeline that doesn't compromise their data sovereignty. At Black Hat USA 2025, Crogl CEO Monzy Merza revealed how his company is tackling one of cybersecurity's most persistent challenges: the overwhelming volume of security alerts that leaves analysts either ignoring potential threats or burning out from investigation fatigue.

The problem runs deeper than most organizations realize. Merza observed analysts routinely closing hundreds of alerts with a single click, not from laziness or malice, but from sheer necessity. "When you look at the history of breaches, the signal of the breach was there. And somebody ignored it," he explained during his ITSPmagazine interview, highlighting a critical gap between alert generation and meaningful investigation.

Traditional approaches have failed because they expect human analysts to become "unicorns" - experts capable of mastering multiple data platforms simultaneously while remembering complex query languages and schemas. This unrealistic expectation has created what Merza calls the "human unicorn challenge," where organizations struggle to find personnel who can effectively navigate their increasingly complex security infrastructure.

Crogl's solution fundamentally reimagines the relationship between human intuition and machine automation. Rather than forcing analysts to adapt to multiple tools, the platform creates a semantic knowledge graph that maps data relationships across an organization's entire security ecosystem. When alerts arrive, the system automatically conducts investigations using established kill chain methodologies, freeing analysts to focus on higher-value activities like threat hunting and strategic security initiatives.

The privacy-first architecture addresses growing concerns about data sovereignty. Operating as a completely self-contained system with no internet dependencies, Crogl can run air-gapped in the most sensitive environments, including defense intelligence communities. The platform connects to existing tools through APIs without requiring data movement, duplication, or transformation.

Real-world results demonstrate the platform's versatility. One customer discovered their analysts were using Crogl for fraud detection - an application never intended by the original design. The system's ability to process natural language descriptions and convert them into executable security processes has reduced response times from weeks to minutes for complex threat hunting operations.

For security leaders evaluating AI integration, Merza advocates an experimental approach. Rather than attempting comprehensive transformation, he suggests starting with focused pilot programs that address specific pain points. This measured strategy allows organizations to validate AI's value while maintaining operational stability.

The broader implications extend beyond security operations. By removing technical barriers and emphasizing domain expertise over tool competency, platforms like Crogl enable security teams to become strategic business enablers rather than reactive alert processors. Organizations gain the flexibility to maintain their preferred data architectures while ensuring comprehensive security coverage across distributed environments.

As cyber threats continue evolving, the industry's response must prioritize both technological capability and human potential. Solutions that enhance analyst intuition while automating routine tasks represent a sustainable path forward for security operations at scale.

Watch the full interview: https://youtu.be/0GqPtPXD2ik
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content.
Guest: Monzy Merza, Founder and CEO of CROGL | On Linkedin: https://www.linkedin.com/in/monzymerza/
Resources
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

ITSPmagazine | Technology. Cybersecurity. Society
Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025 | A Stellar Cyber Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with Subo Guha

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Aug 12, 2025 17:40


An ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber

Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.

Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.

The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.

What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.

The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.

Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.

The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.

Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.

The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.

Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.

As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947
Note: This story contains promotional content.
Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/
Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

AWS for Software Companies Podcast
Ep125: Bridging the gap between requirements and budget - Better data while still controlling costs

AWS for Software Companies Podcast

Play Episode Listen Later Jul 30, 2025 25:39


Ed Bailey, Field CISO at Cribl, shares how Cribl and AWS are helping customers rethink their data strategy by making it easier to modernize, reduce complexity, and unlock long-term flexibility.

Topics Include:
Ed Bailey introduces topic: bridging gap between security data requirements and budget
Companies face mismatch: 10TB data needs vs 5TB licensing budget constraints
Data volumes growing exponentially while budgets remain relatively flat year-over-year
IT security data differs from BI: enormous volume, variety, complexity
Many companies discover 600+ data sources during SIEM migration projects
50% of SIEM data remains un-accessed within 90 days of ingestion
Complex data collection architectures break frequently and require excessive maintenance
Teams spend 80% time collecting data, only 20% analyzing for value
Data collection and storage are costs; analytics and insights provide business value
Poor data quality creates operational chaos requiring dozens of browser tabs
SOC analysts struggle with context switching across multiple disconnected systems
Traditional vendor approach: "give us all data, we'll solve problems" is outdated
Data modernization requires sharing information widely across organizational business units
Data maturity model progression: patchwork → efficiency → optimization → innovation
Data tiering strategy: route expensive SIEM data vs cheaper data lake storage
SIEM costs ~$1/GB while data lakes cost ~$0.15-0.20/GB for storage
Compliance retention data should go to object storage at penny fractions
Decouple data retention from vendor tools to enable migration flexibility
Cribl platform offers integrated solutions: Stream, Search, Lake, Edge components
Customer success: Siemens reduced 5TB to 500GB while maintaining security effectiveness

Participants:
Edward Bailey – Field CISO, Cribl

Further Links:
Cribl Website
Cribl on AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Cloud Security Podcast by Google
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI

Cloud Security Podcast by Google

Play Episode Listen Later Jul 28, 2025 27:15


Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group

Topics:
SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on the relatively short side at 9 months. What's been your experience so far with that and what could have gone faster?
Anton might be a "reformed" analyst but I can't resist asking a three-legged stool question: of the people/process/technology aspects, which are the hardest for this transformation? What helped the most in solving your big challenges?
Was there a process that people wanted to keep but it needed to go for the new tool?
One thing we talked about was the plan to adopt composite alerting techniques and what we've been calling the "funnel model" for detection in Google SecOps. Could you share what that means and how your team is adopting it?
There are a lot of moving parts in a D&R journey from a process and tooling perspective; how did you structure your plan and why?
It wouldn't be our show in 2025 if I didn't ask at least one AI question! What lessons do you have for other security leaders preparing their teams for the AI in SOC transition?

Resources:
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
EP184 One Week SIEM Migration: Fact or Fiction?
EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
"Maverick" — Scorched Earth SIEM Migration FTW! blog
"Hack the box" site

Cloud Security Podcast by Google
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect

Cloud Security Podcast by Google

Play Episode Listen Later Jul 14, 2025 37:59


Guest: Svetla Yankova, Founder and CEO, Citreno

Topics:
Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not "winning" against Tier 1 ... or even Tier 5 adversaries?
What are the hardest parts about getting the right context into a SOC analyst's face when they're triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?
What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they're buying?
Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?
Do you expect people to write their own detections? Detection engineering seems popular with elite clients and nobody else, what can we do?
Do you think AI will change how we SOC (Tim: "SOC" is not a verb?) in the next 1-3-5 years?
Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?

Resources:
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
"RSA 2025: AI's Promise vs. Security's Past — A Reality Check" blog
Citreno, The Backstory
"Parenting Teens With Love And Logic" book (as a management book)
"Security Correlation Then and Now: A Sad Truth About SIEM" blog (the classic from 2019)

Paul's Security Weekly
Insider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Rob Allen, Matthew Warner, Yotam Segev - ESW #411

Paul's Security Weekly

Play Episode Listen Later Jun 16, 2025 79:04


Segment 1 - Interview with Rob Allen from Threatlocker
Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud
Segment 3 - Interviews from RSAC 2025

Cyera
Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI-native, unified Data Security Platform. Yotam Segev, Cyera's CEO, sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune 500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution.
Recent Cyera News:
Cyera Breaks World Record as the Fastest-Growing Data Security Company in History
Data Security Leader Cyera Secures $300M in Series D Funding
Cyera Acquires Trail Security for $162M
Cyera Launches Data Incident Response Service
Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors
This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them!

Blumira
In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run.
Blumira Partners
Blumira Launches New M365 Threat Response Feature
Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-411

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 24, 2025 5:44


Honeypot Iptables Maintenance and DShield-SIEM Logging
In this diary, Jesse talks about some of the tasks needed to keep a honeypot running, such as keeping Filebeat up to date and adjusting configurations (including the iptables rules) when your dynamic IP address changes.
https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876

XRPL.js Compromised
An unknown actor was able to push malicious updates of the XRPL.js library to npm. The library is the officially recommended one for writing code against the XRP Ledger (Ripple). The malicious versions exfiltrated secret keys to the attacker.
https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx

Cisco Equipment Affected by Erlang/OTP SSH Vulnerability
Cisco published an advisory explaining which of its products are affected by the critical vulnerability in the Erlang/OTP SSH library.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
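The honeypot item above mentions fixing up iptables when the admin's dynamic IP changes. The script below is an added example, not code from the SANS diary or the DShield-SIEM project: it plans the rule change as an ordered list of commands and, by default, only renders them. The admin port (ADMIN_PORT), the state-file path (STATE_FILE) and the rule layout are assumptions; how you learn the current address (DDNS lookup, cron job) is left to you.

```python
"""Plan the iptables change needed when the honeypot admin's dynamic IP moves.

Added example (not the diary's code). Assumptions: the admin SSH port, the
state-file path, and a single ACCEPT rule in INPUT keyed on the admin address.
"""
import ipaddress
import json
import subprocess
from pathlib import Path
from typing import List, Optional

ADMIN_PORT = 12222                                    # assumption: honeypot admin SSH port
STATE_FILE = Path("/var/lib/honeypot/admin_ip.json")  # assumption: last-known admin IP lives here


def normalise_ip(ip: str) -> str:
    """Return a canonical host address; raises ValueError on anything else."""
    return str(ipaddress.ip_address(ip.strip()))


def allow_rule(ip: str) -> List[str]:
    """Binary plus rule spec admitting TCP from `ip` to ADMIN_PORT.

    The binary follows the address family. `-s` takes a bare host address,
    so the same spec serves IPv4 and IPv6 without a /32 or /128 suffix.
    """
    binary = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
    return [binary, "INPUT", "-s", ip, "-p", "tcp",
            "--dport", str(ADMIN_PORT), "-j", "ACCEPT"]


def plan_update(old_ip: Optional[str], new_ip: str) -> List[List[str]]:
    """Commands, in order, to move the allow rule from old_ip to new_ip.

    The new ACCEPT is inserted at the top of INPUT before the old one is
    deleted, so a session from the new address is never locked out
    mid-change. An unchanged address yields an empty plan.
    """
    new_ip = normalise_ip(new_ip)
    if old_ip is not None:
        old_ip = normalise_ip(old_ip)
        if old_ip == new_ip:
            return []
    new = allow_rule(new_ip)
    plan = [[new[0], "-I"] + new[1:]]          # -I INPUT with no rulenum = position 1
    if old_ip is not None:
        old = allow_rule(old_ip)
        plan.append([old[0], "-D"] + old[1:])  # -D with the full spec deletes that rule
    return plan


def render(plan: List[List[str]]) -> List[str]:
    """Shell-style rendering of a plan, for logging or a dry run."""
    return [" ".join(cmd) for cmd in plan]


def apply_plan(plan: List[List[str]], dry_run: bool = True) -> List[str]:
    """Print the plan; execute it only when dry_run is False (needs root)."""
    lines = render(plan)
    for line in lines:
        print(("DRY-RUN " if dry_run else "RUN ") + line)
    if not dry_run:
        for cmd in plan:
            subprocess.run(cmd, check=True)
    return lines


def load_state(path: Path = STATE_FILE) -> Optional[str]:
    """Last admin IP we applied, or None on first run."""
    try:
        return json.loads(path.read_text()).get("admin_ip")
    except FileNotFoundError:
        return None


def save_state(ip: str, path: Path = STATE_FILE) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps({"admin_ip": ip}))


if __name__ == "__main__":
    import sys
    # Usage: admin_ip_update.py <current-admin-ip> [--apply]
    current = sys.argv[1]
    changes = plan_update(load_state(), current)
    apply_plan(changes, dry_run="--apply" not in sys.argv)
    if changes and "--apply" in sys.argv:
        save_state(normalise_ip(current))
```

The state file is only updated after the rules were actually applied, so a failed run is retried from the old address on the next invocation rather than silently recorded as done.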
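For the XRPL.js item, the first question a practitioner asks is "is a compromised version installed anywhere in this tree, including nested copies?". The scanner below is an added example, not code from the xrpl.js project or the advisory. It reads an npm package-lock.json in both the flat lockfileVersion 2/3 layout and the nested lockfileVersion 1 layout, and flags copies of a package on a deny list. It assumes the library is installed under its npm package name, xrpl; the sample lock files and the deny list values are constructed placeholders, not the real compromised versions (take those from the GHSA advisory linked above).

```python
"""Flag installed npm package versions against a deny list.

Added example, not from the advisory. SAMPLE_LOCK_V3, SAMPLE_LOCK_V1 and
EXAMPLE_DENY are constructed stand-ins, not real project or advisory data.
"""
import json
from typing import Iterable, List, Tuple


def installed_copies(lock: dict, name: str) -> List[Tuple[str, str]]:
    """Every installed copy of `name` as (install path, version).

    lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
    lockfileVersion 1 nests "dependencies". Nested copies (a transitive
    dependency pinning its own xrpl under its node_modules) are the ones a
    quick look at the top-level package.json misses.
    """
    found: List[Tuple[str, str]] = []
    suffix = "node_modules/" + name
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path == suffix or path.endswith("/" + suffix):
                found.append((path, meta.get("version", "")))
        return found

    def walk(deps: dict, prefix: str) -> None:
        for dep, meta in deps.items():
            path = f"{prefix}node_modules/{dep}"
            if dep == name:
                found.append((path, meta.get("version", "")))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return found


def flag_versions(lock: dict, name: str, deny: Iterable[str]) -> List[Tuple[str, str]]:
    """Copies of `name` whose exact version is on the deny list."""
    deny = set(deny)
    return [(p, v) for p, v in installed_copies(lock, name) if v in deny]


def missing_integrity(lock: dict) -> List[str]:
    """v2/v3 entries resolved from a registry but recorded without an
    integrity hash. Such entries are not pinned to specific tarball contents
    and deserve a second look during a supply-chain incident."""
    return [p for p, m in lock.get("packages", {}).items()
            if p and m.get("resolved") and not m.get("integrity")]


def scan_file(path: str, name: str, deny: Iterable[str]) -> List[Tuple[str, str]]:
    with open(path) as fh:
        return flag_versions(json.load(fh), name, deny)


# Constructed sample (lockfileVersion 3): a direct copy of xrpl at top level
# and an older copy nested under a hypothetical wallet library.
SAMPLE_LOCK_V3 = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"xrpl": "^4.0.0"}},
        "node_modules/xrpl": {
            "version": "4.9.9",
            "resolved": "https://registry.npmjs.org/xrpl/-/xrpl-4.9.9.tgz",
            "integrity": "sha512-placeholder",
        },
        "node_modules/example-wallet-lib": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/example-wallet-lib/-/example-wallet-lib-1.0.0.tgz",
        },
        "node_modules/example-wallet-lib/node_modules/xrpl": {
            "version": "4.9.8",
            "resolved": "https://registry.npmjs.org/xrpl/-/xrpl-4.9.8.tgz",
            "integrity": "sha512-placeholder",
        },
    },
}

# The same dependency tree in the older lockfileVersion 1 layout (constructed).
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "example-wallet-lib": {
            "version": "1.0.0",
            "dependencies": {"xrpl": {"version": "4.9.8"}},
        },
    },
}

# Placeholder deny list; the real one comes from the GHSA advisory.
EXAMPLE_DENY = {"4.9.8"}
```

A hit means more than replacing the version: since the malicious builds exfiltrated secret keys, any key that was loaded by a process running the flagged copy has to be treated as exposed and rotated.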
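For the Erlang/OTP SSH item, Cisco's advisory tells you which of its products embed the library, but an inventory of everything else on the network that runs the Erlang ssh daemon starts with the SSH identification string. The parser below is an added example, not code from Cisco, Erlang/OTP or SANS. It parses RFC 4253 identification lines and picks out servers that announce themselves as Erlang. The assumption (labelled in the code) is that the Erlang/OTP ssh application identifies itself as "Erlang/<ssh app version>"; the captured banners are constructed samples.

```python
"""Triage SSH banner captures for Erlang/OTP ssh daemons.

Added example, not vendor code. Assumption: the Erlang/OTP ssh application
sends 'SSH-2.0-Erlang/<ssh app version>'. SAMPLE_CAPTURES is constructed.
"""
import re
from typing import Dict, Iterable, List, Optional

# RFC 4253: SSH-protoversion-softwareversion [SP comments] CR LF.
# softwareversion is matched leniently (\S+) because real servers such as
# Cisco IOS put a '-' inside it ("SSH-2.0-Cisco-1.25").
BANNER_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def first_banner(lines: Iterable[str]) -> Optional[Dict[str, Optional[str]]]:
    """Parse the server's identification string.

    RFC 4253 lets a server send other lines before it, so skip until a line
    starting with 'SSH-'. Returns None if no parseable banner was seen.
    """
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("SSH-"):
            m = BANNER_RE.match(line)
            return m.groupdict() if m else None
    return None


def erlang_ssh_version(banner: Dict[str, Optional[str]]) -> Optional[str]:
    """Version string after 'Erlang/' if the banner names the Erlang ssh app."""
    sw = banner.get("software") or ""
    if sw.startswith("Erlang/"):        # assumption: Erlang/OTP's default id string
        return sw[len("Erlang/"):]
    return None


def triage(captures: Dict[str, List[str]]) -> Dict[str, str]:
    """host -> Erlang ssh app version, for every host whose banner names it."""
    hits: Dict[str, str] = {}
    for host, lines in captures.items():
        banner = first_banner(lines)
        if banner is None:
            continue
        version = erlang_ssh_version(banner)
        if version:
            hits[host] = version
    return hits


# Constructed captures, as `nc host 22 </dev/null | head -n 3` might return them.
SAMPLE_CAPTURES = {
    "10.0.0.11": ["SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n"],
    "10.0.0.12": ["Welcome to the management interface\r\n", "SSH-2.0-Erlang/5.2.9\r\n"],
    "10.0.0.13": ["SSH-2.0-Cisco-1.25\r\n"],
    "10.0.0.14": ["SSH-1.99-Erlang/4.15\r\n"],
    "10.0.0.15": [],
}
```

Treat a hit as a lead, not a verdict: the banner does not change when the library is patched, a product can embed the Erlang daemon behind a front end that shows a different string, and an appliance's vendor advisory (Cisco's, in this case) remains the authority on whether it is affected.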
